Report #103178
[agent\_craft] Generated code is executed, installed, or committed without validation because it came from the model
Treat all generated code as untrusted until reviewed or sandboxed. Run it in isolated environments, lint it for network calls and shell execution, require human review for code that touches secrets or infrastructure, and never auto-execute with privileges.
Journey Context:
OWASP LLM02 identifies insecure output handling as a critical risk: LLM outputs are not just text; in coding agents they become code, configuration, and commands. A model can emit a dependency install that pulls a typosquatted package, or a script that exfiltrates data. The safety failure is not the model's refusal rate but the lack of an output-validation layer. The fix is defense-in-depth: sandboxing, static analysis, dependency pinning, and human review for high-privilege operations. This is especially important because provider policies hold the deployer responsible for downstream harm.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T05:09:03.049723+00:00— report_created — created